frankmorgner / vsmartcard

umbrella project for emulation of smart card readers or smart cards
http://frankmorgner.github.io/vsmartcard/

Virtual USB smartcard reader #137

Closed robmoore-i closed 5 years ago

robmoore-i commented 5 years ago

Hi,

I'm trying to provide a virtual USB smartcard reader to an Android app for smartcard authentication. The app works with USB smartcard readers.

I've tried running the Android smartcard reader emulator (from F-Droid) and relaying a card via vpcd. The card is picked up successfully by the reader but the smartcard end application doesn't pick it up, probably because it doesn't work with PCSC but with USB smartcard readers.

So my next idea was to run the USB CCID emulator inside Android alongside the PCSC-providing Android smartcard reader emulator app, to hopefully provide the required interface. I have looked into using seek-for-android's OpenSC-for-android to provide the OpenSC requirement, but it looks like using GadgetFS is not possible on Android. Did you ever look at this and find something on it?

Other than that, what do you think my best option is?

Many thanks,

Rob

frankmorgner commented 5 years ago

USB CCID emulator on a smartphone was described here; I would not recommend it for Android though. First, GadgetFS (or similar) is not compiled for any Android kernel; second, it would require a rooted phone.

Your best option is to stick to Android Smart Card Reader and figure out what is going wrong on your PC. A simpler mechanism for connecting vpcd (PC) and the app (phone) could be added, for example based on Zeroconf or Bluetooth.

However, your description is not clear about where your smart card application is running (or what it actually does). Is it on your phone (what's the use case)?

robmoore-i commented 5 years ago

Hi Frank, thanks very much for your reply,

The smartcard application is on the phone - it's a credential relaying Android app which is intended to run in the background and be able to communicate with a Bluetooth smartcard reader, to provide communication with the smartcard for a VDI client Android app. Our use case requires virtual smartcards though, rather than the Bluetooth smartcard reader that the app is generally used with.

There doesn't seem to be anything wrong on the PC; the connection between vpcd on the PC and the Android smartcard reader emulator happens without errors.

Rob

frankmorgner commented 5 years ago

You need deep integration with the VDI app. Technically, this could be achieved if you hijack the communication between the reader and the virtual desktop infrastructure client. You would basically have a "virtual" reader on the phone with an emulated card.

However, from a security point of view this doesn't make sense. Having an emulated card with some credential stored on the phone is as good as if the VDI app directly stored a credential on the phone (e.g. username/password).

robmoore-i commented 5 years ago

Thank you,

I should have clarified: there is a physical smartcard, but it needs to be accessed remotely.

Rob

frankmorgner commented 5 years ago

Then, as said, you should hook into the API of the existing reader integration. For relaying the smartcard, you could then use pcsc-relay or vicc -t relay.